Application Security This Week for February 23

PortSwigger (the company that makes Burp Suite) is out with their Top 10 web application hacking techniques.

https://portswigger.net/research/top-10-web-hacking-techniques-of-2019

 

Solid evidence that APIs are becoming the main target for credential stuffing attacks.

https://www.csoonline.com/article/3527858/apis-are-becoming-a-major-target-for-credential-stuffing-attacks.html

 

Another decent writeup for template injection.  Attacks like this are becoming SO much more common in SPAs.

http://ghostlulz.com/angularjs-client-side-template-injection-xss/

 

That's the news, people.  Stay safe out there.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
